As you can see from my lack of reviews, I'm new to this
hobby.  I'm in the beginning stages of email contact with a
provider, and I made the rather unromantic but innocent
mistake of inquiring if she's into cryptography, I guess
half-hoping that we would exchange PGP or S/MIME keys or
something.  Of course, she didn't know what the hell I was
talking about, and explaining it (another mistake) really
takes the excitement out of our correspondence.  I shall
learn from my stupidity.

Nevertheless, it seems to me that the use of cryptography
would be a very natural fit for people into this scene.  Not
just as protection from overzealous LE, but for other reasons
as well.  What do you all think about it?

An EXCELLENT idea Don, but probably a bit too high-tech for this crowd (no offense intended).

I have to admit I don't know what Cryptography is either. Since military secrets are the most fleeting I would figure that if this cryptography were put to use in this forum LE would soon figure a way around it.(they love their I-spy technoshit and are looking for a reason to spend tax $$$$ on it)
  Save your PGP and S/MIMI keys and concentrate on DFK & DATY/DATO.

People who have trouble with LE are typically entrapped and their machines are confiscated.  If a provider machine was confinscated,    LE would have to want to go after clients and be able to prove a violation of statue from the emails (so don't write emails you wouldn't want LE to read when you contact a provider).  

If you deal with independents rather than agencies, you have almost no chance of LE going through the time and the effort to tap email transmission to make a sex bust.

Lots of providers replace their disks every couple of months and trash the old one with a hammer.  Many providers are smart enough to erase email messages so they can't be recovered easily.

I am wondering, where you at Berkeley when Shamir was developing his thesis?  

For the benefit of public here, could you offer a compressed description of cryptographic methods available for simple emails?

Please correct me if I'm wrong, but last I checked a PGP client for WinXP was not available.  More and more home users are switching over to XP, and if not easy-to-understand and use client isn't available, they won't use it.

Most PGP users also email through mutliple anon remailers to hide their tracks - and with the good anons being located outside the US it works pretty good.  However, setting all this up and maintaining it is just not something most people want to do.  Even PGP enabled clients like Private Idaho have a pretty steep learning curve in use - and if it's not dirt simple, the average user just won't bother.

Doubtful that most providers/hobbyists will use PGP, even though there are a few who do.

Posted by gotnilsen, 9/25/2003 9:25:03 PM
Posted by inletsong, 9/25/2013 2:45:01 PM
Posted by nosinglet, 9/25/2103 5:25:04 PM
Posted by telnosing, 9/25/2003 3:25:01 PM
Posted by nosinglet, 9/25/2103 3:25:05 PM
Posted by lintsgone, 9/25/2023 3:25:09 PM
Posted by noseglint, 9/25/2003 4:25:02 PM
Posted by elsingnot, 9/25/2013 3:25:06 PM
Posted by losingten, 9/25/2013 1:25:03 PM
Posted by letsnogin, 9/25/2003 3:55:05 PM
Posted by elginsnot, 9/25/2103 5:35:08 PM
Posted by leginsnot, 9/25/2003 4:25:02 PM
Posted by lenintogs, 9/25/2013 3:24:05 PM
Posted by nelsongit, 9/25/2003 2:35:03 PM
Posted by notingles, 9/25/2103 1:19:09 PM
Posted by gentsloin, 9/25/2013 1:29:04 PM
Posted by goesintnl, 9/25/2013 3:27:09 PM
.
.
.
Posted by netlogins, 9/25/2003 3:25:02 PM

The two reasons LE makes arrests in this Victimless area are: a) win votes by appearing to look tough on crime; b) raise money.

If they start blowing cash to break coded emails, there goes any money they will raise. It's not a trivial thing to break PGP.

But back to the originator - if you're this paranoid maybe you should stick with whatever you're getting from your girlfriend/wife or use self service. As one other already said - if you stick with a well reviewed independent provider, your chances of getting nailed by LE are very low.

Consider two cases:
1) interception of cleartext email
Encryption addresses the confidentiality concern.  But has anyone heard of LE doing this?  Its fairly sophisticated.

2) seizure of equipment as evidence
Logical security depends on physical security.  Once they are in possession of your computer, they would have your private key and would decrypt your messages.  

As an aside, I think its interesting to consider physical security while regarding LE as an intruder.  Ordinarily, LE is the entity ultimately relied to protect physical security.  Attempting to prevent a physical security breach by an intruder entitled to have access (with cause) is funny.

Security is extremely difficult to implement to reasonable standards even when you understand it.  In most scenarios, amateur security configuration can be cracked by professionals.  Unless you think LE would only employ amateurs, don't take chances with your messages.  Forget about security controls and limit your content.

What kind of evidence should LE expect to find?  There's no reason to communicate anything incriminating through email anyway.  Such email should be discarded by providers without response and real hobbyists should be too smart to send it in the first place.

cheers,
cy

With LE, once things come to warrants and siezure, yeah, you're screwed.  But it's not hard to imagine LE passively (and illegally) snooping just to learn more.  (e.g. "Meet you at the ___ hotel at 8pm.")  Once they know enough details, they could fake up something to get probable cause, or "just happen" to be in the right place at the right time to see something suspicious.

But I only mention LE as a "classical" example threat.  There could also be the computer guy at your company who might be snooping all the smtp/pop/imap sessions, the suspicious wife (ok, the traffic analysis is enough for her (e.g. "Who the hell is [email protected]?!") but still, it's best to spare her the details), your curious kid who is reading your mail when you think he's just playing games up there, the guy at the ISP who gets off on reading people's sexy mail or makes a little on the side by blackmailing, etc.  The world is bigger than just providers, their clients, and LE.  And the nature of our communication makes higher-than-average privacy desirable.

Probably paranoia.  But sometimes the possible dangers are real, and that's part of why we wear condoms.

"Forget about security controls and limit your content."

Limiting content is indeed wise.

"Save your PGP and S/MIMI keys and concentrate on DFK & DATY/DATO."

I usually prefer arguments that involve reason, but somehow I find this to be VERY compelling.

Funny you should write about this.

Not long ago, I noticed a provider profile that advertises availability of a PGP encrypted mail:

http://www.eros-dc.com/files/dc-elle16.htm

I seem to recall seeing a TER profile and reviews as well, but can't seem to find it any longer.